Beautiful Trade/Deconstructing Commerce

From WikiContent

In order to rethink e-commerce security, we must first examine what is in place today. The
current security model contains fundamental flaws and suffers from assumptions that are
overly broad and ultimately unnecessary. A series of patches and Band-Aids have been billed
as best practices and part of an in-depth security strategy. And although these security practices
are helpful in protecting data in a generic sense, they do not focus on the real issues of our
payment systems.

As an industry, we have spent a great deal of time and money tracking this data, transforming
this data through encryption, and protecting it in storage and transmission, all to compensate
for a deficient security model.
An entire industry has been created around the Payment Card Industry’s Data Security
Standard requirements for merchants and service providers. But why? This data has become
the crown jewels to many security professionals (and those who work against them) in the
e-commerce and retail industries.